Puppet_Web_HTTPS - ACCESS-NRI/accessdev-Trac-archive GitHub Wiki
HTTPS
It's good practice to always use SSL encryption when serving websites. How to do so will depend on the webserver class you're using.
puppetlabs/apache
Set up two vhosts. One listens on port 80 for unencrypted connections and redirects them to the HTTPS version; the other serves the actual content on port 443.
apache::vhost { "${::hostname}-redirect":
  servername      => $::fqdn,
  port            => '80',
  redirect_status => 'permanent',
  redirect_dest   => "https://${::fqdn}/",
  docroot         => '/var/www/null', # Make sure no files are visible on port 80
}

apache::vhost { "${::hostname}-ssl":
  servername      => $::fqdn,
  port            => '443',
  ssl             => true,
  custom_fragment => template('roles/webserver/apache-config.erb'),
  docroot         => '/var/www/html',
}
Apache will set up an unsigned SSL certificate by default that you can use for testing. User-facing sites should use a signed certificate (email NCI to arrange this).
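Once a signed certificate has been issued, the port 443 vhost can point at it through the ssl_cert, ssl_key and ssl_chain parameters of apache::vhost. The following is an added example, not part of the original wiki page; it takes the place of the "-ssl" vhost declaration above, and the three file paths are assumed placeholders rather than the site's real layout.

```puppet
# Added example. The paths are assumed placeholders; substitute the
# locations where the issued certificate, key and chain are installed.
$cert_path  = '/etc/pki/tls/certs/example-signed.crt'   # assumed: certificate from the CA
$key_path   = '/etc/pki/tls/private/example-signed.key' # assumed: matching private key
$chain_path = '/etc/pki/tls/certs/example-ca-chain.crt' # assumed: intermediate CA chain

# The private key is installed out of band; Puppet only enforces that it
# is owned by root and not readable by other users.
file { $key_path:
  owner => 'root',
  group => 'root',
  mode  => '0600',
}

# Same vhost as in the section above, with the default test certificate
# replaced by the signed one.
apache::vhost { "${::hostname}-ssl":
  servername      => $::fqdn,
  port            => '443',
  ssl             => true,
  ssl_cert        => $cert_path,
  ssl_key         => $key_path,
  ssl_chain       => $chain_path,
  custom_fragment => template('roles/webserver/apache-config.erb'),
  docroot         => '/var/www/html',
  require         => File[$key_path],
}
```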